This repository has been archived by the owner on Jul 2, 2022. It is now read-only.

Insecure password storage #1

Open
mxsasha opened this issue Sep 9, 2013 · 3 comments

mxsasha commented Sep 9, 2013

The username and password of the configured account are stored in a SQLite database. The database file does not use iOS' data protection, so it is readable to anyone with physical access to the device.

The best solution would be to store the password not in SQLite, but in the Keychain, which was designed exactly for this purpose.

@ghost ghost assigned thedillonb Sep 10, 2013
@thedillonb (Owner)

Great point. I will use your suggestion and store it in the keychain. This will be in the next release.

jai commented Jul 24, 2016

Hey @thedillonb, just checking if this is being worked on? If not, I'll check it out.

@thedillonb (Owner)

No, this is not being worked on. I had originally de-prioritized this due to the fact that the app is now using token-based authentication that requires a token refresh every hour, so the only thing you could extract from the device would be expired tokens - unless you lost your device and somebody found it and immediately extracted it within an hour.

Regardless, you're welcome to work on it. There's some code already in the AppDelegate.cs around keychain access so you might be able to leverage that code.

Thanks for your help!
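
Added example, not part of the issue thread or the project's own code: a small Keychain-backed credential store of the kind the issue proposes in place of the SQLite column. It assumes Xamarin.iOS with the unified `Foundation` and `Security` namespaces; the class name and service identifier are hypothetical.

```csharp
using Foundation;
using Security;

// Hypothetical helper: keeps the account secret in the iOS Keychain
// instead of an unprotected SQLite file.
public static class KeychainCredentialStore
{
    // Hypothetical service identifier; pick one unique to the app.
    const string ServiceName = "com.example.app.account";

    // Query that identifies the item by service and account only.
    static SecRecord Query(string username) =>
        new SecRecord(SecKind.GenericPassword)
        {
            Service = ServiceName,
            Account = username
        };

    public static SecStatusCode Save(string username, string secret)
    {
        var record = Query(username);
        record.ValueData = NSData.FromString(secret, NSStringEncoding.UTF8);
        // Readable only while the device is unlocked, and the item is
        // not migrated to another device through a backup restore.
        record.Accessible = SecAccessible.WhenUnlockedThisDeviceOnly;

        // Replace any existing item; ItemNotFound from Remove is expected
        // on first save and is deliberately ignored.
        SecKeyChain.Remove(Query(username));
        return SecKeyChain.Add(record);
    }

    public static string Load(string username)
    {
        var match = SecKeyChain.QueryAsRecord(Query(username), out SecStatusCode status);
        // Covers ItemNotFound as well as reads attempted while locked.
        if (status != SecStatusCode.Success || match?.ValueData == null)
            return null;
        return NSString.FromData(match.ValueData, NSStringEncoding.UTF8)?.ToString();
    }

    // Call on sign-out so the secret does not outlive the session.
    public static SecStatusCode Delete(string username) =>
        SecKeyChain.Remove(Query(username));
}
```

When migrating, the existing value should be copied into the Keychain once and then cleared from the SQLite row, since leaving the old column populated keeps the original exposure.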
